Dropbox (again)

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L1 Bithead

Dropbox (again)

Hello,

We have a requirement to do the following

Block dropbox for some users

Allow dropbox web for some users but block app - use ssl decryption to control uploads

Allow ALL for 2 VIP's - no decryption required

Is this at all possible?

Tags (1)
Highlighted
L7 Applicator

Highlighted
L1 Bithead

Those links dont say how to enable both decryption of dropbox web traffic but also still keep the application working for certain users.

It appears its not possible as dropbox web and app appear as the same application.

Is it possible to create an decryption rule that excludes dropbox decryption for only 2 users thus allowing a few important users access to both the web and desktop app?

Highlighted
L3 Networker

Hi depps, you cannot decrypt based on application since the PAN would need to decrypt the traffic to see what app it is in the 1st place. You would need to create a security policy to allow drop box for the source users in question, then create another policy that denies the app for the rest. For your non decryption VIPs, you could create a decryption policy that contains to the users in question (in the source) with the action of 'no-decrypt'. Then another policy below that that applies to the rest of the users below this policy, with the action set to 'ssl-forward-proxy'

Highlighted
Not applicable

yes but the actual problem here is that decyption does not work for all parts of for example dropbox, linkedIN and others. so if you want your users to have access to these applications, then decypt is not an option (as far as I know) and thus controlling the application is not that straigth forward as it could have been, if decyption had worked.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!